IT infrastructures of enterprises are constantly under attack from a variety of threats (e.g., hacking or industrial espionage efforts). To satisfy various requirements (e.g., product standards, performance, legal, security, and other requirements) related to the security of software, developers need to perform statistical analysis system (SAS) testing to check their developed software for software code vulnerabilities that could be exploited by hackers and malicious individuals. SAS testing typically includes static application security testing (SAST) and is designed to analyze application source code, byte code, and binaries of an application from the “inside out” in a non-running state (in other words, static testing involves examination of a software program's code and its associated documentation but does not require the software program be executed) for coding and design conditions that are indicative of security vulnerabilities in the software's inputs and outputs that can easily be missed by a programmer. The latest release-versioned SAS tools are normally not consumable by an older (legacy)-versioned release of software development tools. As the SAS tools provide the ability to check for, among other things, application backdoors, malicious code, and other threats that may exist in deployed software-applications, the inability of legacy-versioned software development tools to consume the latest release-versioned SAS testing tools for software developed on the legacy-versioned releases of the software development tools can result in software that may contain unnecessary security vulnerabilities.